Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

how to use #92

Open
weli-l opened this issue Jan 2, 2025 · 4 comments
Open

how to use #92

weli-l opened this issue Jan 2, 2025 · 4 comments
Labels
question Further information is requested

Comments

@weli-l
Copy link

weli-l commented Jan 2, 2025

Is there any documentation for this project? Under what user should bypass4netns run, normal user or root user? What should XDG_RUNTIME_DIR be set to?
@weli-l
Copy link
Author

weli-l commented Jan 2, 2025

When I run the bypass4netns command, I encounter a problem like this:

cannot listen: listen unix /run/user/1003/bypass4netns.sock: bind: no such file or directory

@AkihiroSuda
Copy link
Member

Under what user should bypass4netns run, normal user or root user?

Normal user.

What should XDG_RUNTIME_DIR be set to?

Automatically set by systemd: https://rootlesscontaine.rs/getting-started/common/login/

@AkihiroSuda
Copy link
Member

The easiest way to try bypass4netns is to use https://lima-vm.io

limactl start
lima
containerd-rootless-setuptool.sh install-bypass4netnsd
nerdctl run -it --rm --annotation nerdctl/bypass4netns=1 alpine

@AkihiroSuda AkihiroSuda added the question Further information is requested label Jan 15, 2025
@weli-l
Copy link
Author

weli-l commented Jan 15, 2025

The easiest way to try bypass4netns is to use https://lima-vm.io

limactl start
lima
containerd-rootless-setuptool.sh install-bypass4netnsd
nerdctl run -it --rm --annotation nerdctl/bypass4netns=1 alpine

Thanks for your answer. I have successfully run it using Podman.
Does b4ns achieve network isolation? Currently, I only use bypass4netns, deploy it in a container, the container has three network cards, and then start the sandbox in the container. When using iperf3, I found that the sandbox can communicate with all three network cards.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AkihiroSuda @weli-l